From: Anthony Howe
Date: 2004-10-01 06:06:29 -0400
Subject: Re: How to cope with big big big but braindead ISPs
More information..: http://www.milter.info/#Support
Sascha Vogt wrote:
> Now this ISP, lets call them AON from now on, uses 12 dedicated
> SMTP-Servers to deliver mail of their dialup and DSL-customers. They are
> called email01... to email12.aon.at. Dont ask me why but if you dig for one
> of these hosts in DNS you will learn they are using RFC 1918 addresses for
> them and have no MX-Records defined.
> For incoming traffic they have another one, called email.aon.at with a real
> IP-Address and of course the MX-Record of aon.at is pointing to that host.
> So of course milter-sender refuses to accept mail from these 12 servers and
> gives them a nice errormessage explaining that they are violating RFC 3330
> and some other and therefore are f*cking loosers.
> Wonderfull, really nice :-)
> 40% Marketshare, are FOURTY PERCENT! Thousands of employes... A call-center
> with at least three levels to filter callers before they might get in touch
> with a person who might have heard something like RFCs exists...
> And of course nobody would expect somebody to read the log-files of those
> 12 servers...
> And my users are moaning for mail of their beloved ones...
> But being a real fan of Marks milters I wouldn't open some those options in
Mark? Who's Mark? milter-sender is written by Anthony. Hmm. Sounds
like a Copyright violation to me.
> milter-sender or generally white-list aon.at-users. Here's my way to handle
> such a braindead ISP.
Since email*.aon.at publish RFC 3330 in public internet space, which is
a stupid thing to do, but some universities and other supposedly clever
institutions are too lazy to setup a private internal DNS.
email12.aon.at. 1D IN A 172.18.5.90
This is a private B class network, so make sure milter-sender.cf specifies:
Also you want to disable
since the reverse PTR lookup and forward DNS will never work. This might
also be required:
> Make entries for those hosts with RFC-1918 addresses in your local hosts
> file. Give them the IP of the inbound Server (email.aon.at)
> 22.214.171.124 email01.aon.at
> 126.96.36.199 email12.aon.at
> Create /etc/mail/mailertable entries for each of them to...
> email01.aon.at esmtp:email.aon.at
> email12.aon.at esmtp:email.aon.at
> Milter-Sender see's a valid IP for those hosts now and doesn't claim
Actually it sees that you have done something special with mailertable
are willing to route them. Of course spam from email*.aon.at can now be
relayed to email.aon.at, but its limited.
> RFC-3330 violations any more and he asks email.aon.at to verify the
> senders. AND none of the filter-mechanisms had to be disabled for the rest
> of the world.
Cute. Essentially you have given the mail servers from private IP space
the public IP address of their MX in /etc/hosts. I'm curious why you
added the mailertable entries though?
The solution I would have suggested would have been to add to
Which of course allows these servers to by-pass milter-sender hopefully
to be caught be a 2nd spam defence.
Anthony C Howe +33 6 11 89 73 78
7116561 AIM: Sir Wumpus
"Once...we were here." - Last of The Mohicans
Copyright 2009, 2012 by SnertSoft. All rights reserved.